gnutls28 appears to allow 512bit RSA keys, when it shouldn't
Bug #1856435 reported by Dimitri John Ledkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnutls28 (Ubuntu) | Invalid | Wishlist | Unassigned |
Bug Description
To prevent lp bad formatting, please see the attached tarball.
The gist is that it appears that PROFILE_* settings are not applied correctly. By default it should require 1024bit RSA keys minimum.
gnutls-serv command accepts and uses 512bit RSA certificate.
openssl s_server in comparison does not, due to key size too small.
Operating openssl s_client against the gnutls-serv server fails to connect, again due to key size too small.
Yet gnutls-cli successfully connects to gnutls-serv with 512bit RSA key.
Attempting to override priority strings using SECURE256 or %PROFILE_HIGH and the like does not make gnutls reject the small key size.
Tested on focal using gnutls28 3.6.10-5.
I really hope I am doing something wrong.